Description
Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.
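The failure mode described above, shown as an added example (not Commons Configuration code and not the project's fix): a stand-alone flatten that tracks the containers on the current descent path by identity and rejects a cyclical tree instead of recursing until the stack is exhausted. The class name, the choice of exception and the reading of the `int` argument as a maximum element count are assumptions.

```java
import java.util.*;

// Hypothetical stand-alone class; it does not use or reproduce library code.
public class CycleSafeFlatten {

    /** Flattens nested Iterables/arrays into at most `limit` leaf values (assumed meaning). */
    static List<Object> flatten(Object value, int limit) {
        List<Object> out = new ArrayList<>();
        // Identity-based set: calling hashCode()/equals() on a self-containing
        // list would itself recurse without end, so compare by reference only.
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<>());
        walk(value, limit, out, onPath);
        return out;
    }

    private static void walk(Object value, int limit, List<Object> out, Set<Object> onPath) {
        if (out.size() >= limit) return;              // enough values collected
        if (value instanceof Iterable<?> || value instanceof Object[]) {
            if (!onPath.add(value)) {                 // container is its own ancestor
                throw new IllegalArgumentException("cyclical object tree");
            }
            Iterable<?> items = value instanceof Object[]
                    ? Arrays.asList((Object[]) value) : (Iterable<?>) value;
            for (Object item : items) {
                walk(item, limit, out, onPath);
            }
            onPath.remove(value);                     // shared (non-cyclic) subtrees stay legal
        } else if (value != null) {
            out.add(value);
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: an acyclic tree, then a list that contains itself.
        List<Object> tree = new ArrayList<>(Arrays.asList("a", Arrays.asList("b", "c")));
        System.out.println(flatten(tree, 10));
        List<Object> cyclic = new ArrayList<>();
        cyclic.add("x");
        cyclic.add(cyclic);
        try {
            flatten(cyclic, 10);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```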
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| AMQ Clients | commons-configuration2 | Not affected | | |
| A-MQ Clients 2 | commons-configuration2 | Fix deferred | | |
| OpenShift Developer Tools and Services | jenkins-2-plugins | Affected | | |
| Red Hat build of Apache Camel 4 for Quarkus 3 | commons-configuration2 | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 3 | commons-configuration2 | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 4 | commons-configuration2 | Not affected | | |
| Red Hat build of OptaPlanner 8 | commons-configuration2 | Not affected | | |
| Red Hat Data Grid 8 | commons-configuration2 | Not affected | | |
| Red Hat Fuse 7 | commons-configuration2 | Out of support scope | | |
| Red Hat Integration Camel K 1 | commons-configuration2 | Fix deferred | | |
Additional information
Status:
CVSS3: 4.4 Medium
Related vulnerabilities
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Vulnerability in the ListDelimiterHandler.flatten(Object, int) function of the Apache Commons Configuration library that allows an attacker to execute arbitrary code